angt / glorytun

Multipath UDP tunnel
BSD 2-Clause "Simplified" License

how to use glorytun #56

Closed ITz-net closed 4 years ago

ITz-net commented 4 years ago

Hi

I try to use glorytun with Ubuntu 18 LTS x64 on both client & server (195.245.x.x), and still HAVE NO CONNECTION :(

1) My server uses aes, but the client, as I see in the glorytun output, does not want to use aes and uses only chacha20. Can I use the chacha20 "cipher" in the glorytun server configuration? Okay, I tried versions 2.2 and 2.1, same thing.. I compiled and downloaded many pre-compiled versions, none of them worked....

2) Tell me please which network interface glorytun needs to bind on the client. I have six ethernet interfaces: 4 LAN (DHCP) in a bridge, 2 ISP (192.168.1.100 and 192.168.2.100), bridge IP 10.10.10.1. Do I need to run glorytun on the bridge or on the first ISP interface?? Please explain

3) I need to use glorytun multi-path; this is the main thing I try to use glorytun for. So I have a multi-NIC client configuration, as you see, with dual ISP1, ISP2 network connections. Tell me please the path command to add multiple paths and control them.

P.S. Please post a full working configuration for using glorytun with two ISPs on the client and one server; it's very important. Your README and Wiki are not up to date :-(

angt commented 4 years ago

Hi, if all versions fail, I guess something is wrong in your setup. Can you first check these points:

ITz-net commented 4 years ago

I'll try to post my full configuration and logs tomorrow..

angt commented 4 years ago

The command to show all paths is glorytun path.

ITz-net commented 4 years ago

I use the pre-compiled version of glorytun 0.2.2 for client and server; everything is run as the root user:

wget https://github.com/angt/glorytun/releases/download/v0.2.2/glorytun-0.2.2-x86_64-linux-musl.bin
mv glorytun-0.2.2-x86_64-linux-musl.bin glorytun
chmod +x glorytun

So my configs, server side:

First create a key:

./glorytun keygen > gt.key

Then run glorytun, binding the server IP and port and the tun interface (if needed). I use chacha; my client does not support aes:

./glorytun bind 195.245.103.245 55055 dev tun0 keyfile gt.key chacha

Add the IP address to the tun0 interface:

ifconfig tun0 10.0.1.1 pointopoint 10.0.1.2 up

Route traffic from the glorytun tunnel (tun0) to the internet (eth0). Masquerade traffic from the glorytun tunnel to the internet:

iptables -t nat -I POSTROUTING -s 10.0.1.0/24 -o eth0 -j MASQUERADE

Accept input traffic from the tun0 interface:

iptables -I INPUT -i tun0 -j ACCEPT

Enable forwarding of traffic between the tun0 (glorytun) and eth0 (internet) interfaces:

iptables -I FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o eth0 -j ACCEPT

Client side (for now everything is run manually for debugging). Run glorytun on the client (gt.key is the same as the server's gt.key):

./glorytun bind 0.0.0.0 to 195.245.103.245 55055 dev tun0 keyfile gt.key chacha

running on device tun0 as pid 4019

Add the IP address to the tun0 interface:

ifconfig tun0 10.0.1.2 pointopoint 10.0.1.1 up

Check that the interface is created and up, and also check the IP and other info, with this command:

ip a

tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 qdisc fq_codel state UNKNOWN group default qlen 500
    link/none
    inet 10.0.1.2 peer 10.0.1.1/32 scope global tun0
       valid_lft forever preferred_lft forever

Add the first path:
./glorytun path up 192.168.1.100 rate tx 50mbit rx 50mbit

Check the tunnel connection with the server IP:

ping 10.0.1.1

PING 10.0.1.1 (10.0.1.1) 56(84) bytes of data.
64 bytes from 10.0.1.1: icmp_seq=1 ttl=64 time=49.4 ms
64 bytes from 10.0.1.1: icmp_seq=2 ttl=64 time=50.2 ms
64 bytes from 10.0.1.1: icmp_seq=3 ttl=64 time=54.3 ms
64 bytes from 10.0.1.1: icmp_seq=4 ttl=64 time=60.3 ms
64 bytes from 10.0.1.1: icmp_seq=5 ttl=64 time=52.8 ms

Check the first path:

./glorytun path

path UP
  status: OK
  bind: 192.168.1.100 port 5000
  public: xxx.xxx.144.148 port 36085
  peer: 195.245.103.245 port 55055
  mtu: 1472 bytes
  rtt: 53.901 ms
  rttvar: 6.090 ms
  tx:
    rate: 6250000 bytes/sec
    loss: 0 percent
    total: 120 packets
  rx:
    rate: 6250000 bytes/sec
    loss: 0 percent
    total: 79 packets

Trying to add the second path. At first it automatically gets status DEGRADED; I think that's okay. After I ping 10.0.1.1 and re-check the status, the second path's status is OK, so multi-path works! :-)

./glorytun path up 192.168.2.100 rate tx 50mbit rx 50mbit

./glorytun path

path UP
  status: OK
  bind: 192.168.1.100 port 5000
  public: xxx.xxx.144.148 port 36085
  peer: 195.245.103.245 port 55055
  mtu: 1472 bytes
  rtt: 88.470 ms
  rttvar: 68.228 ms
  tx:
    rate: 6250000 bytes/sec
    loss: 0 percent
    total: 156 packets
  rx:
    rate: 6250000 bytes/sec
    loss: 0 percent
    total: 107 packets
path UP
  status: DEGRADED
  bind: 192.168.2.100 port 5000
  public: - port 0
  peer: 195.245.103.245 port 55055
  mtu: 1302 bytes
  rtt: 0.000 ms
  rttvar: 0.000 ms
  tx:
    rate: 6250000 bytes/sec
    loss: 0 percent
    total: 0 packets
  rx:
    rate: 6250000 bytes/sec
    loss: 0 percent
    total: 0 packets

I try to ping the server through the tunnel:

ping 10.0.1.1

PING 10.0.1.1 (10.0.1.1) 56(84) bytes of data.
64 bytes from 10.0.1.1: icmp_seq=4 ttl=64 time=51.7 ms
64 bytes from 10.0.1.1: icmp_seq=5 ttl=64 time=48.3 ms
64 bytes from 10.0.1.1: icmp_seq=6 ttl=64 time=49.0 ms

And check the second glorytun path afterwards:

./glorytun path

path UP
  status: OK
  bind: 192.168.1.100 port 5000
  public: xxx.xxx.144.148 port 15757
  peer: 195.245.103.245 port 55055
  mtu: 1472 bytes
  rtt: 58.416 ms
  rttvar: 6.057 ms
  tx:
    rate: 6250000 bytes/sec
    loss: 3 percent
    total: 273 packets
  rx:
    rate: 6250000 bytes/sec
    loss: 0 percent
    total: 153 packets
path UP
  status: OK
  bind: 192.168.2.100 port 5000
  public: xxx.xxx.156.25 port 3506
  peer: 195.245.103.245 port 55055
  mtu: 1472 bytes
  rtt: 50.682 ms
  rttvar: 5.899 ms
  tx:
    rate: 6250000 bytes/sec
    loss: 3 percent
    total: 113 packets
  rx:
    rate: 6250000 bytes/sec
    loss: 6 percent
    total: 72 packets

Both paths are up, but wget and other http/https traffic does not go through, so I add the "standard commands" for a client with a tunnel:

#remove default route
sudo ip route del default
#add default route with glorytun only
sudo ip route add default via 10.0.1.1 dev tun0
#masquerade local net traffic
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
#enable local traffic route with tunnel
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
#forward all local traffic (from bridge or lan network interface) to glorytun tunnel
iptables -A FORWARD -i bg0 -o tun0 -j ACCEPT

All works. Adrien, BIG THANK YOU for your work :-)
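The path listing quoted above is the only place the tunnel tells you whether a path is really carrying traffic, so it is worth checking automatically rather than by eye. The following is an added example, not code from the thread or from glorytun itself: a small POSIX shell parser for the glorytun path output that produces one summary line per path, and a check that flags any path whose status is not OK or whose loss in either direction exceeds a threshold. The sample listing is constructed in the same layout as the ones quoted in the thread; the exact indentation of the real output is an assumption, and the parser only looks at the first two fields of each line so it does not depend on it.

```shell
#!/bin/sh
# Added example (not part of the thread or of glorytun): parse `glorytun path`
# output and alert on paths that are not OK or show packet loss.
# On a live client:  ./glorytun path | summarize_paths | check_paths 5

# Constructed sample laid out like the listing quoted in the thread. The peer
# is the server from the thread; the public address is a documentation value.
SAMPLE_PATHS='path UP
  status: OK
  bind: 192.168.1.100 port 5000
  public: 203.0.113.148 port 15757
  peer: 195.245.103.245 port 55055
  mtu: 1472 bytes
  rtt: 58.416 ms
  rttvar: 6.057 ms
  tx:
    rate: 6250000 bytes/sec
    loss: 3 percent
    total: 273 packets
  rx:
    rate: 6250000 bytes/sec
    loss: 0 percent
    total: 153 packets
path UP
  status: DEGRADED
  bind: 192.168.2.100 port 5000
  public: - port 0
  peer: 195.245.103.245 port 55055
  mtu: 1302 bytes
  rtt: 0.000 ms
  rttvar: 0.000 ms
  tx:
    rate: 6250000 bytes/sec
    loss: 0 percent
    total: 0 packets
  rx:
    rate: 6250000 bytes/sec
    loss: 0 percent
    total: 0 packets'

# summarize_paths: stdin = `glorytun path` output, stdout = one line per path:
#   <bind-address> <status> tx_loss=<percent> rx_loss=<percent>
# A "path" line starts a new record; "tx:"/"rx:" select which loss counter
# the following "loss:" line belongs to.
summarize_paths() {
    awk '
        function flush() {
            if (bind != "") printf "%s %s tx_loss=%s rx_loss=%s\n", bind, status, txl, rxl
        }
        $1 == "path"    { flush(); bind = ""; status = "?"; txl = "?"; rxl = "?"; dir = "" }
        $1 == "status:" { status = $2 }
        $1 == "bind:"   { bind = $2 }
        $1 == "tx:"     { dir = "tx" }
        $1 == "rx:"     { dir = "rx" }
        $1 == "loss:"   { if (dir == "tx") txl = $2; else if (dir == "rx") rxl = $2 }
        END             { flush() }
    '
}

# check_paths [MAXLOSS]: stdin = summarize_paths output. Prints an ALERT line
# for every path whose status is not OK or whose loss in either direction is
# above MAXLOSS percent (default 5); returns 1 if any path was flagged.
check_paths() {
    max="${1:-5}"
    bad=0
    while read -r bind status tx rx; do
        txl="${tx#tx_loss=}"
        rxl="${rx#rx_loss=}"
        if [ "$status" != "OK" ] \
           || [ "$txl" -gt "$max" ] 2>/dev/null \
           || [ "$rxl" -gt "$max" ] 2>/dev/null; then
            echo "ALERT: path $bind status=$status tx_loss=$txl rx_loss=$rxl"
            bad=1
        fi
    done
    return "$bad"
}

# Stand-alone run over the constructed sample: flags the DEGRADED second path.
if printf '%s\n' "$SAMPLE_PATHS" | summarize_paths | check_paths 5; then
    echo "all paths healthy"
else
    echo "some paths need attention"
fi
```

A DEGRADED path with zero packets in both directions, as in the listing right after the second path was added, is exactly what this flags; once the path has exchanged traffic and turned OK, only the loss threshold matters.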

ITz-net commented 4 years ago

My client dual-ISP route configs

1) First, edit the file /etc/iproute2/rt_tables and add these lines:

#
# reserved values
#
#255     local
#254     main
#253     default
#0       unspec
101     isp1    #<---------add this string to file rt_tables
102     isp2   #<---------add this string to file rt_tables

2) Second, create the file dual_isp.sh, then chmod +x dual_isp.sh, and run it with ./dual_isp.sh

#!/bin/sh
# script path: /root/dual_isp.sh
# script for dual isp connection (linux, ubuntu, debian)
# (the shebang must be the very first line of the file, and only one is needed)

# LAN interface
IF0="bg0"

# WAN interface 1
IF1="enp6s1"

# WAN interface 2
IF2="enp6s2"

IP1="192.168.1.100"
IP2="192.168.2.100"

# gateway 1
P1="192.168.1.1"
# gateway 2
P2="192.168.2.1"

# LAN netmask
P0_NET="10.10.10.0/24"
# WAN1 netmask
P1_NET="192.168.1.0/24"
# WAN2 netmask
P2_NET="192.168.2.0/24"

TBL1="isp1"
TBL2="isp2"

#or edit file /etc/sysctl.conf and permanently enable ip forward
echo "1" > /proc/sys/net/ipv4/ip_forward

ip route add $P1_NET dev $IF1 src $IP1 table $TBL1 > /dev/null 2>&1
ip route add default via $P1 table $TBL1 > /dev/null 2>&1
ip route add $P2_NET dev $IF2 src $IP2 table $TBL2 > /dev/null 2>&1
ip route add default via $P2 table $TBL2 > /dev/null 2>&1

ip route add $P1_NET dev $IF1 src $IP1 > /dev/null 2>&1
ip route add $P2_NET dev $IF2 src $IP2

ip route add default via $P1 > /dev/null 2>&1

ip rule add from $IP1 table $TBL1 > /dev/null 2>&1
ip rule add from $IP2 table $TBL2 > /dev/null 2>&1

ip route add $P0_NET dev $IF0 table $TBL1 > /dev/null 2>&1
ip route add $P2_NET dev $IF2 table $TBL1 > /dev/null 2>&1
ip route add 127.0.0.0/8 dev lo table $TBL1 > /dev/null 2>&1
ip route add $P0_NET dev $IF0 table $TBL2 > /dev/null 2>&1
ip route add $P1_NET dev $IF1 table $TBL2 > /dev/null 2>&1
ip route add 127.0.0.0/8 dev lo table $TBL2 > /dev/null 2>&1

iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -s $P0_NET -o $IF1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s $P0_NET -o $IF2 -j MASQUERADE

3) To use it at system start-up, run crontab -e and add this line at the end of the file. The sleep 35 waits 35 seconds after boot for the isp1 (enp6s1) and isp2 (enp6s2) interfaces to come up and receive an IP (if DHCP is used); after that the system runs the dual_isp.sh script, so both ISP connections are used at the same time..

@reboot sleep 35 && /root/dual_isp.sh >/dev/null 2>&1
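The dual_isp.sh script sends every error to /dev/null, and the @reboot entry only hopes that 35 seconds is long enough for both WAN interfaces to have an address. If an ip rule or a per-table default route is missing, glorytun's second path will bind fine but its packets leave through the wrong ISP. The following is an added example, not part of the thread: a POSIX shell check that reads ip rule show and ip route show table output and reports, per ISP, whether the source-based rule and the table's default route are both present. The two listings are constructed samples using the addresses, table names and interface names from the script; the isp2 table is deliberately missing its default route to show what the check reports.

```shell
#!/bin/sh
# Added example (not from the thread): verify that the source-based policy
# routing dual_isp.sh is meant to create is actually in place.
# On a live host:
#   check_isp "$(ip rule show)" "$(ip route show table isp1)" \
#             192.168.1.100 isp1 192.168.1.1 enp6s1

# Constructed sample of `ip rule show` on the client from the thread.
RULES='0:      from all lookup local
32764:  from 192.168.2.100 lookup isp2
32765:  from 192.168.1.100 lookup isp1
32766:  from all lookup main
32767:  from all lookup default'

# Constructed sample of `ip route show table isp1`: complete.
ROUTES_ISP1='default via 192.168.1.1 dev enp6s1
10.10.10.0/24 dev bg0 scope link
127.0.0.0/8 dev lo scope link
192.168.1.0/24 dev enp6s1 scope link src 192.168.1.100
192.168.2.0/24 dev enp6s2 scope link'

# Constructed sample of `ip route show table isp2`: the default route is
# missing, which is what you get when the "ip route add default" for that
# table failed silently (its errors go to /dev/null in the script).
ROUTES_ISP2='10.10.10.0/24 dev bg0 scope link
127.0.0.0/8 dev lo scope link
192.168.1.0/24 dev enp6s1 scope link
192.168.2.0/24 dev enp6s2 scope link src 192.168.2.100'

# has_rule RULES IP TABLE: true if a rule "from IP lookup TABLE" exists.
# Field 1 is the rule priority ("32765:"), so the match starts at field 2.
has_rule() {
    printf '%s\n' "$1" | awk -v ip="$2" -v tbl="$3" \
        '$2 == "from" && $3 == ip && $4 == "lookup" && $5 == tbl { found = 1 }
         END { exit (found ? 0 : 1) }'
}

# has_default ROUTES GATEWAY DEV: true if "default via GATEWAY dev DEV" exists.
has_default() {
    printf '%s\n' "$1" | awk -v gw="$2" -v dev="$3" \
        '$1 == "default" && $2 == "via" && $3 == gw && $4 == "dev" && $5 == dev { found = 1 }
         END { exit (found ? 0 : 1) }'
}

# check_isp RULES ROUTES IP TABLE GATEWAY DEV: prints the command that would
# repair each missing piece for one ISP and returns 1 if anything is missing;
# returns 0 when both the rule and the table's default route are present.
check_isp() {
    rules="$1"; routes="$2"; ip="$3"; tbl="$4"; gw="$5"; dev="$6"
    missing=0
    if ! has_rule "$rules" "$ip" "$tbl"; then
        echo "MISSING: ip rule add from $ip table $tbl"
        missing=1
    fi
    if ! has_default "$routes" "$gw" "$dev"; then
        echo "MISSING: ip route add default via $gw dev $dev table $tbl"
        missing=1
    fi
    return "$missing"
}

# Stand-alone run over the constructed samples: isp1 passes, isp2 is flagged.
if check_isp "$RULES" "$ROUTES_ISP1" 192.168.1.100 isp1 192.168.1.1 enp6s1; then
    echo "isp1 OK"
fi
if check_isp "$RULES" "$ROUTES_ISP2" 192.168.2.100 isp2 192.168.2.1 enp6s2; then
    echo "isp2 OK"
fi
```

Running the check from the same @reboot job, after dual_isp.sh, turns the silent sleep-and-hope into something that leaves a line in the log (or re-runs the script) when an interface was not ready in time.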

ITz-net commented 4 years ago

Adrien, you may add this topic to the how-to on using glorytun with dual ISP :-)

angt commented 4 years ago

Nice 👍 I'll take some time on the wiki after the 0.3 release. But if you have the time and energy, your contribution to the wiki will be much appreciated, as it is editable by everyone :)